GH-500 Exam Questions
123 real GH-500 exam questions with expert-verified answers and explanations. Page 3 of 3.
- Question #101 (Configure and use secret scanning): Secret scanning will ignore a secret_scanning.yml file that
  Tags: Secret scanning, Configuration limits, secret_scanning.yml, GHAS limitations
- Question #102 (Configure and use secret scanning): By default, what is the minimum role needed to bypass push protection in a repository?
  Tags: Push protection, Repository roles, GitHub permissions, Secret scanning
- Question #103 (Secret Scanning): By default, who will receive an e-mail when a secret has been detected in a repository? Each answer presents a complete solution. (Choose two.)
  Tags: Secret scanning, Notifications, Default recipients, Repository roles
- Question #104 (Configure and use Dependabot and Dependency Review): Which of the following workflow events would trigger a dependency review? (Each answer presents a complete solution. Choose two.)
  Tags: Dependency Review, GitHub Actions, Workflow Triggers, GHAS
- Question #105 (Dependency Management): A repository's dependency graph includes:
  Tags: Dependency graph, Dependencies, Manifest files, Lock files
- Question #106 (Configure and use Dependabot and Dependency Review): Assuming there is no custom Dependabot behavior configured, where possible, what does Dependabot do after sending an alert about a vulnerable dependency in a repository?
  Tags: Dependabot, Dependency remediation, Vulnerability management, Pull requests
- Question #107 (Secret Scanning): How many alerts are created when two instances of the same secret value are in the same repository?
  Tags: Secret scanning, Alert de-duplication, GitHub Advanced Security
- Question #108 (Configure and use Dependabot and Dependency Review): In the pull request, how can developers avoid adding new dependencies with known vulnerabilities?
  Tags: Dependency Review, Vulnerability Prevention, Pull Request Security, GitHub Actions
- Question #109 (Configure and use Dependabot and Dependency Review): If notification and alert recipients are not customized, which users receive notifications about new Dependabot alerts in an affected repository?
  Tags: Dependabot, Alerts, Notifications, Permissions
- Question #110 (Configure and use Dependabot and Dependency Review): Which Dependabot configuration fields are required? Each answer presents part of the solution. (Choose three.)
  Tags: Dependabot configuration, Required fields, Dependency updates
- Question #111 (Describe the GHAS security features and functionality): As a repository owner, you want to receive specific notifications, including security alerts, for an individual repository. Which repository notification setting should you use?
  Tags: Repository notifications, Security alerts, GitHub settings, Custom notifications
- Question #112 (Configure and use Dependabot and Dependency Review): Which of the following options would close a Dependabot alert?
  Tags: Dependabot alerts, Vulnerability resolution, Dependency management, Security remediation
- Question #113 (Configure and use Dependabot and Dependency Review): You are a maintainer of a repository and Dependabot notifies you of a vulnerability. Where could the vulnerability have been disclosed? Each answer presents part of the solution. (...
  Tags: Dependabot, Vulnerability disclosure, Security Advisories, Manifest files
- Question #114 (Implement and manage CodeQL): Which syntax in a query suite tells CodeQL to look for one or more specified .ql files?
  Tags: CodeQL, query suites, query specification, GHAS
- Question #115 (Describe GitHub Advanced Security best practices, results, and how to take corrective measures): A colleague ignores a code scanning alert. What are the implications of the colleague's action? Each answer presents part of the solution. (Choose three.)
  Tags: Code Scanning, Security Vulnerabilities, Security Risks, GHAS
- Question #116 (Configure and use Code Scanning with CodeQL): Which of the following formats are used to describe a code scanning alert from CodeQL?
  Tags: CodeQL Alerts, Code Scanning, CWE, Vulnerability Classification
- Question #117 (Configure and use Code Scanning with CodeQL): You are configuring a CodeQL workflow for compiled languages. What happens if your workflow uses a language matrix?
  Tags: CodeQL, Workflows, Language Matrix, Autobuild
- Question #118 (Configure and use Code Scanning with CodeQL): Using advanced setup, which code scanning configuration would help detect vulnerabilities before they are added to a shared branch?
  Tags: Code Scanning, GitHub Actions, Pre-merge checks, Vulnerability detection
- Question #119 (Code Scanning): What is code scanning?
  Tags: Code Scanning, Security Vulnerabilities, Code Analysis
- Question #120 (Code Scanning): You are creating an application that will utilize the code scanning application programming interface (API) to export a repository's alerts into a comma-separated values (CSV) file...
  Tags: Code Scanning API, GitHub Token Scopes, Security Events
- Question #121 (Code Scanning): To be compatible with code scanning, what data format must third-party code scanning tools use for output?
  Tags: Code Scanning, SARIF, Third-party tools, Interoperability
- Question #122 (Configure and use Code Scanning with CodeQL): Where can a user change a repository's code scanning severity threshold that fails a pull request status check?
  Tags: Code scanning configuration, Severity thresholds, Pull request status checks, GitHub UI
- Question #123 (Implement and manage GitHub Advanced Security at scale): Which of the following is required to block the merge of a pull request containing critical vulnerabilities? Each correct answer presents part of the solution. (Choose two.)
  Tags: Pull Request Security, Branch Protection Rules, Repository Rulesets, GHAS Enforcement